ConfigServer Community Forum

Hello dear community.
I wanted to ask if ConfigServer ModSecurity Control support LiteSpeed Web Server and Imunify360?

Hi, I have a server with WHM and MOD SECURITY installed. ConfigServer ModSecurity Control - cmc v3.03

We discovered that Mod_security is not blocking, is just saving the data.

root@server:~# grep ' ModSecurity: Access denied' /usr/local/apache/logs/modsec_audit.log | wc -l
0
root@server:~# grep ' ModSecurity: Warning' /usr/local/apache/logs/error_log | wc -l
126525

Which could be the cause?...

Hello,

I have been running these delayed atomic rule sets for some time. I have found out that atomic rule sets are working if I review Mod_security tools. I see Critical messages. I am aware that CSF does not block warnings. In my case Critical notices are not blocking IPs in the CSF firewall. I have checked the rule (331032) severity is set to 5.

I'm at a loss here and wondering if anyone...

We've been using this tool for years. Recently have set up a new server, migrated accounts, and tools including this one. But there is no activity in the logs. Don't have a clue where to look. The configuration looks identical.

Hi,

We have been using CMC for a few years and find it invaluable when needing to make quick tweaks to ModSecuirty rules for specific users, domains, etc.

Since installing CMC there have been a couple of ModSecurity packages/modules added to easyApache in cPanel, and I am wondering whether CMC is compatible with these modules...

1. modsec2-rules-owasp-crs for auto updating the rule set
2....

Hello,

Is there any way to allow customer disable ModSecurity rules directly? Because at this time, I have to manage all tickets related to ModSecurity one by one and setup them in the CMC at the WHM side.

Hi there. I've been trying to update CMC on a new server through WHM, and updates have been failing for several weeks. The server is running CENTOS 7.5 standard v74.0.9

Here are the update messages:

Retrieving new cmc package...

Unpacking new cmc package...

tar (child): cmc.tgz: Cannot open: No such file or directory
tar (child): Error is not recoverable: exiting now
tar: Child returned...

We migrated clients to a new server using the WHM wizard. Should the standard migration wizard copy the modsec rule files created by CMC or is there something we should manually do?

The two user files I'm referring to:
/etc/apache2/conf.d/userdata/std/2_4/ /modsec.conf
/etc/apache2/conf.d/userdata/ssl/2_4/ /modsec.conf

Can CMC be used with Imunify360 to disable modsec rules for specific domain(s) and also server-wide?

Thanks.

I'm guessing this is a modsec question, but please let me know if I'm in the wrong place.

We have the problem of hackers trying to submit forged payment requests. They return the url /checkout?payment_failed=1 when their attempts fails.

How can we block their ip IF they visit that url more than 3 times?

Many thanks in advance.

i triggered modsec rule for testing.
I tailed /usr/local/apache/logs/modsec_audit.log and i saw modsec was trigger
when i check to whm > cmc > modsec log, i can't see anything.
so i try modsec plugin from cpanel (WHM > Plugins > Mod Security) i can see the record.

Any advice?

Hi,

I am getting this in the modsec log;

---
collections_remove_stale: Failed to access DBM file /var/cpanel/secdatadir/ip : Permission denied
---

Any advice?

/Tommy

trying to update a rule using 3.0.2 and i get this below. also it doesn't seem to be working (use to work not sure if its been deprecated or this software is dead? any fix would be apprecated

Initial configuration generation failed with the following message:

The “/usr/sbin/httpd -DSSL -t -f /etc/apache2/conf/httpd.conf.work.3e8285bb.cfgcheck -C Include /etc/apache2/conf.modules.d/*.conf ”...

Hello

I received this email alert:

DISKWARN blocks ⚠: Mount Point /var/tmp

In fact I have this problem every time I start Modsecurity (WHM> Plugins> ConfigServer ModSecurity Control - cmc v3.02> On

How to solve? Why does he create full files in /tmp and are never deleted? !!

The contents are always the same, for example:

20190929-164834-XZDEQvVm4BVDTJKP-ghNEwAAABE-file-3LUIA0

There...

Hi,
Here's what I did:

I add user in this file /etc/csf/csf.pignore
Then I put:
================
PT_USERMEM = 0
================
and
================
PT_USERTIME = 0
================
Then I restart CSF with this command below:
=================
csf -r
=================
But, I continue to receive these emails and I do not know what to do

Thank you for helping me.

Hello,

is it possible to allow a rule to pass only for an ip address?

Regards,

A few user already reported this issue in the general section.

It looks like the script isn't downloading the installationpackage from configserver.com and then is unable to extract the non-existing package.

Retrieving new cmc package...

Unpacking new cmc package...

tar (child): cmc.tgz: Cannot open: No such file or directory
tar (child): Error is not recoverable: exiting now
tar: Child...

Hello

My question is simple : Is cmc still useful/can work with the nowadays cpanel server?

I asked this because it is pretty confusing now to me that cpanel already comes with its cpanel modsecurity tools that can setup different rules/disable rules, More importantly, it looks like it is not working now?

For example, in cmc the first option can let you disable the mod_security completely, i...

Hello,

We have some security rules deactivated in ConfigServer ModSec Control . The problem is that even with the rules disabled there are still clients being blocked in our firewall because of them.

The rules are: 970901 and 981205

In our logs:

ModSecurity: Access denied with code 403 (phase 4). Pattern match ^5\\\\d{2}$ at RESPONSE_STATUS.

ModSecurity: Warning. Operator GE matched 0 at...

Hi.
Thanks for the time-saver.
We have been using it.
However, since we upgraded to v66, CMC U is blank.
Please is there any ETA for an update?
Thanks!!